CVE-2026-0846
HIGH8.6EPSS 0.09%NLTK has Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
發布日:2026/3/9修改日:2026/5/21
描述
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.
受影響套件(3)
- Debian/nltkfrom 0
- PyPI/nltkfrom 0, < 3.9.3
- PyPI/nltkfrom 0, <= 3.9.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-0846
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-0846
- PATCHhttps://github.com/nltk/nltk
- WEBhttps://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974
- WEBhttps://github.com/nltk/nltk/pull/3485
- WEBhttps://huntr.com/bounties/007b84f8-418e-4300-99d0-bf504c2f97eb